I’ve been doing AWS cost audits for years now, and the pattern is always the same. A company calls us because their bill feels wrong. We dig in, find a pile of waste, and within a week they’re spending 20-30% less. The fixes are rarely clever. They’re just things nobody had time to look at.
Last month we audited a mid-size SaaS company spending £11k a month on AWS. Got it down to about £7k. Most of the savings took less than a day to implement.
NAT Gateways
This is where I always start, because this is where the money hides.
NAT gateways look cheap, around $45/month each. Fine. But the real cost is the data processing charge: $0.045 per gigabyte flowing through them. That sounds like nothing until you check CloudWatch and realise your private subnets are pushing terabytes through every month.
We audited a logistics company last quarter. They were spending £4,200 a month on NAT gateways alone. Nobody had noticed because it was buried in the bill. Their entire compute spend was less than that.
The fix is straightforward. Set up VPC endpoints for the AWS services your private subnets talk to most. S3 and DynamoDB are almost always the biggest culprits. VPC endpoints are free and bypass NAT entirely. For that logistics client, we set up three endpoints and their NAT costs dropped to about £900. Took an afternoon.
If you’re running heavier workloads, a managed NAT instance can also be significantly cheaper than the gateway, though you take on the management overhead yourself.
Forgotten Resources
Every AWS account has a graveyard. EC2 instances someone spun up for a demo and forgot. Detached EBS volumes. Elastic IPs sitting there costing money for doing absolutely nothing.
We had a fintech client last year running three RDS instances that nobody on the team could explain. Turns out two were dev databases for a project that got cancelled eight months earlier. That was costing them north of £800 a month, just quietly ticking away.
Go into Cost Explorer, sort by service, and look. Check your EC2 dashboard sorted by launch date. Anything older than a few months that nobody recognises should probably go. And set up Cost Anomaly Detection so you catch this stuff before it runs for months.
Data Transfer
Most people know cross-region transfers cost money. What catches teams off guard is that traffic between availability zones in the same region costs about £10 per terabyte too. If your app is chatty with a database in another AZ, that adds up fast.
Check whether you need multi-AZ for everything. Production database? Yes. Dev environment? Almost certainly not.
Over-Provisioned Instances
Teams size their RDS instances for peak load and then leave them. Your database sits at 40% CPU most of the week but spikes on Monday mornings, so you’re paying for a massive instance around the clock.
Use Compute Optimiser. It’s free. Look at CloudWatch metrics over 90 days. Consistently under 50% utilisation? Drop a tier. You can scale back up in minutes.
Savings Plans
Just use them. Seriously. Reserved Instances give slightly better discounts but Savings Plans are more flexible across instance families and regions, and the maths works out close enough. A one-year commitment is usually the sweet spot.
Tagging
I won’t labour this point, but if you’re not tagging resources by environment, team, and project, you’re flying blind on costs. It takes an afternoon to set up properly and makes every future conversation about spending productive.
Most AWS waste isn’t bad architecture. It’s a pile of small things nobody’s had time to look at: NAT gateways processing data they don’t need to, forgotten resources ticking away, instances sized for worst cases that never arrive.
If your bill feels too high and you’re not sure where to start, give us a shout. We usually spot the big wins in the first conversation.